In article <[email protected]>, <[email protected]> wrote: >I have already tested a configuration that only uses /etc/ipf.conf. > > block in on ixg0 family inet > pass in on ixg0 family inet6 > >The first line blocks all ipv4 traffic. It works. >The second line should allow only ipv6 traffic. But the second line also >re-allows ipv4 traffic. So I assume that the address family is not >evaluated correctly.
Why don't you make the first rule final? christos
